Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:10 PM
Dark Reading
Dark Reading
Products and Releases


FireDrill challenges existing on-premise network and cloud infrastructures to help organizations continuously, automatically, and affordably attack, measure and improve their defenses

San Diego, CA – January 20, 2016 – AttackIQ today unveiled their highly anticipated SaaS platform FireDrill purpose-built to hold security controls accountable through live remote testing. Using safe indicators of attacks and scenario-based behaviors FireDrill pinpoints flaws, frailty, and vulnerabilities currently hiding within your network. Pre-built with hundreds of scenarios from across key industries FireDrill can be deployed in minutes and immediately reduce the cost, time, and effort in mitigating risk.

AttackIQ, in celebration of this launch, has also announced a two-week free trial of FireDrill to immediately demonstrate its power to help security teams assure resiliency.

What FireDrill Does, And Why

“The most thorough conventional evaluations cannot safely validate a security control against real-world attacks prior to purchase or deployment,” said Stephan Chenette, co-founder of AttackIQ. “Even after deployment, many security controls, regardless of how they are implemented have a high rate of failure, misconfiguration or obsolescence. We created FireDrill to end the confusion and bring accountability to security controls. The product was built with a simple promise, to continuously, easily, and affordably test all IT and security controls under live and current scenarios.”

During the past year AttackIQ’s FireDrill was made available to some of the world’s most targeted organizations to validate the solutions abilities and help create the hundreds of now proven scenarios available today. Sitting down with these users before FireDrill was made publically available it was clear the value they had realized.

“FireDrill provides my teams and me a baseline of truth into the security controls and cybersecurity suite we have deployed to protect our organization,” said Gary Hayslip, Chief Information Security Officer, City of San Diego. “It allows us to prove the funds spent on building our Security Operations Center provide value to our stakeholders, the City of San Diego.”

How FireDrill Works

FireDrill is a SaaS platform that replicates indicators of attacks and models network user behavior to pinpoint flaws, frailty, and vulnerabilities hiding within your network. The resulting intelligence, and recommendations, help you to more quickly improve the security posture of your technology, processes, and people. The FireDrill console and platform can be seamlessly integrated into a company’s infrastructure by either running inside of the network in “agentless” mode or for more concise and granular testing on the hosts that need to be validated and tested in “agent” mode. Both modes can work together to assess both network and host level security gaps, misconfiguration and validations. FireDrill combines these capabilities to allow teams to:


1.    Test

With one click users command FireDrill to run relevant scenarios related to adversarial modeling, validation, and security control testing on their network in a safe and controlled manner. Users have at their fingertips hundreds of proven scenarios and can quickly build their own cutting-edge test scenarios.


2.    Attack

FireDrill continuously collects intelligence and analyzes current attack techniques, tactics, and procedures to update the scenario library. Our user-friendly console then allows security teams of multiple skill levels to run up-to-date attack scenarios, analyze results, and create prioritized actionable reports.


3.    Measure

FireDrill’s real-time visibility provides a holistic and easy to understand view of security gaps within your network and automatically generates reports that exposes security gaps and misconfigurations.


4.    Improve

Reports detail which vectors make you susceptible to attack and detailed recommendations from FireDrill outline exactly what your team must do to improve segments of your network that are misconfigured or lack the correct technology controls.

"AttackIQ's FireDrill technology maximizes a security team's responsiveness by going further than the traditional tabletop exercise or red team,” said Ryan McGeehan, Former Director of Facebook Security.

About AttackIQ

AttackIQ was founded to bring assurance to security. The company’s landmark FireDrill SaaS platform provides automated, continuous, and remote security testing to pinpoint vulnerabilities in technologies, people, and processes with the detailed recommendations on how to plug those holes. Learn more and get started with our 2-week free trial at attackiq.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.